CVE-2019-17621
Last modified
CVE-2019-17621 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.. CISA has confirmed active exploitation in the wild. EPSS estimates a 89.62% chance of exploitation in the next 30 days.
Description
The UPnP endpoint URL /gena.cgi in the D-Link DIR-859 Wi-Fi router 1.05 and 1.06B01 Beta01 allows an Unauthenticated remote attacker to execute system commands as root, by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Status
This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Dlink | Dir-859 Firmware | <= 1.05b03 | — |
| Dlink | Dir-859 Firmware | 1.06b01 | Beta1 |
| Dlink | Dir-822 Firmware | <= 2.03b01 | — |
| Dlink | Dir-822 Firmware | <= 3.12b04 | — |
| Dlink | Dir-823 Firmware | <= 1.00b06 | — |
| Dlink | Dir-823 Firmware | 1.00b06 | Beta |
| Dlink | Dir-865l Firmware | <= 1.07b01 | — |
| Dlink | Dir-868l Firmware | <= 1.12b04 | — |
| Dlink | Dir-868l Firmware | <= 2.05b02 | — |
| Dlink | Dir-869 Firmware | <= 1.03b02 | — |
| Dlink | Dir-869 Firmware | 1.03b02 | Beta02 |
| Dlink | Dir-880l Firmware | <= 1.08b04 | — |
| Dlink | Dir-890l Firmware | <= 1.11b01 | — |
| Dlink | Dir-890l Firmware | 1.11b01 | Beta01 |
| Dlink | Dir-890r Firmware | <= 1.11b01 | — |
| Dlink | Dir-890r Firmware | 1.11b01 | Beta01 |
| Dlink | Dir-885l Firmware | <= 1.12b05 | — |
| Dlink | Dir-885r Firmware | <= 1.12b05 | — |
| Dlink | Dir-895l Firmware | <= 1.12b10 | — |
| Dlink | Dir-895r Firmware | <= 1.12b10 | — |
| Dlink | Dir-818lx Firmware | All versions | — |
References
- http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
- https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104Exploit, Third Party Advisory
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146Patch, Vendor Advisory
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147Patch, Vendor Advisory
- https://www.dlink.com/en/security-bulletinVendor Advisory
- https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdfThird Party Advisory, US Government Resource
- http://packetstormsecurity.com/files/156054/D-Link-DIR-859-Unauthenticated-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
- https://medium.com/%40s1kr10s/d-link-dir-859-rce-unautenticated-cve-2019-17621-en-d94b47a15104Exploit, Third Party Advisory
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10146Patch, Vendor Advisory
- https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147Patch, Vendor Advisory
- https://www.dlink.com/en/security-bulletinVendor Advisory
- https://www.ftc.gov/system/files/documents/cases/dlink_proposed_order_and_judgment_7-2-19.pdfThird Party Advisory, US Government Resource
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-17621US Government Resource
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2019-17621?
How severe is CVE-2019-17621?
How do I fix CVE-2019-17621?
Are you affected by CVE-2019-17621?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST